Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Oracle Spearheads Data Management Standards Effort



 By: Matt Hines
2006-11-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
By centralizing management of personally identifiable information outside of corporate applications, the company maintains that businesses can ease the burden of handling sensitive customer data.

Oracle is aiming to help companies improve their ability to manage and protect sensitive customer information with a new initiative that encourages businesses to isolate such data outside of individual IT applications.

The company introduced the project, called the Identity Governance Framework, or IGF, on Nov. 29, and said it specifically seeks to aid companies in handling sensitive identity-related employee, customer and partner information as it flows across heterogeneous applications.

If businesses pull such information out of their IT systems and enterprise applications and store the data in more centralized repositories, they will be much less likely to suffer the breaches that have left many companies fighting to defend their reputations after high-profile incidents where sensitive records have been lost or mishandled, Oracle officials said.

At the heart of the IGF standards initiative is a list of technological guidelines meant to help companies establish "contracts" between their applications and repositories of sensitive information, including four software components already endorsed by Oracles partners in the effort, which include Sun Microsystems, Novell, Ping Identity and Securent. Other technology providers considering participation in the program include BEA Systems, IBM and SAP, Oracle officials said.

Oracle executives said that the company decided to launch the effort as it considered the challenges it faces in finding ways to help its own customers manage the flow of sensitive information across its various database and enterprise applications. The initiative was specifically touched off by the work Oracle is doing to help protect such data in its next-generation Fusion enterprise software.

Resource Library:

The standards proposed by IGF are meant to complement other data governance policies being drafted by groups including the Higgins Project, Liberty Alliance and OASIS, and the database giant is hopeful that one of those industry groups will decide to sponsor its work, said Amit Jasuja, vice president of development for security and identity management at Oracle, in Redwood Shores, Calif.

"The reason we look at these types of standards as a sound approach in handling identifying information is we understand the need for our products to coexist in every company with software from lots of different players," Jasuja said. "Today companies are struggling to find ways to better manage information across different directories and development environments to try and approach this problem more effectively; theres been improvement over the last year, but we saw areas where we felt there was more work that could be done to help customers fight the underlying issue of identity theft."

Companies should look closely at how they manage their databases to make the compliance auditing process less painful and more cost-effective, analysts say. Click here to read more.

The initial IGF standards proposed by the group include CARML (Client Attribute Requirement Markup Language), an XML-based programming technique that consists of a so-called contract defined by application developers to inform IT workers about the usage requirements of an application related to sensitive data. Another element, the AAPML (Attribute Authority Policy Markup Language), consists of a set of policy rules for managing the use of identity-related information from a repository that allow the database to specify parameters regarding the use of information by other applications.

The initiative has also proposed an API meant to make it easier for software developers to build programs in a manner that conforms with policies regarding the use of sensitive data, along with an Identity Service, which is supposed to help developers create standardized methods for sourcing identity-related data from multiple repositories.

Jasuja said that most of Oracles customers admit that they only know that 25 percent of their sensitive data is stored where it is adequately protected, while the remainder of the information is distributed throughout many different applications and repositories. If the information can be pulled out of those applications and placed within the boundaries of a more strict data governance framework such as that proposed via IGF, businesses ability to defend their most valuable customer information will be greatly enhanced, he said.

"Companies need to ensure that they have the appropriate controls in place over all identifying data; they need to ask themselves where the information is stored, how it is used, and whether it is in compliance with all the necessary regulations and privacy issues for their respective industries," Jasuja said. "Were talking about a fairly significant way of reformatting the manner in which people deal with this sort of data that gets into development, policy and management of enterprise applications."

Oracle officials said that even longtime rival Microsoft is mulling the proposed standards over, and the database company hopes its competitor is willing to join the effort. Microsofts Active Directory software lies at the bottom of many businesses existing records-management strategies, which would make the companys participation in IGF that much more important, said Jasuja.

Some of Oracles partners in the effort have already begun advocating for IGF to marry its work with specific standards groups.

"The direction which the IGF is heading is positive," Don Bowen, director of Identity Integration for Sun Microsystems, said in a statement. "Sun supports its submission to a standards body and thinks the Liberty Alliance may be best, as it is a natural and essential evolution of the work already done within that organization."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Oracle Spearheads Data Management Standards Effort
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


xr80VӮc*dK.kʶ<<ձ $)CRv{%Ο 7](ɗjrw&DސH$~ 'I">2 pFs3I}"I~xC(7GSo92t9%G jY)Q]̉]kky(,Q  tjOt0]2dԵ;s6!gesO/cߨ`&`1\q٨XC< tבyG%yC_DRงgEQ~%c#ַ8>v@ߩV:AÙML}!*{|HJ%h!1Qus_ady4;U;]K8$C1nCUVekV6^;s9Fȹ3z$>Lo$Gd jI:*`iTi11܋kQ^]ñ&\./RF͌iAwtԭSzcGGgԏ 1,{`<E9$7 \j?yfO,ӇqtRB'lǦ,j؏`U[۾xs=4.j.9bcm H&>_iD ӱaGPQ~AimȆu{RM*QR,הb~/^ߛȹ-Ӟ5Q9npfoz㯽sj.z `|`h-vu]+h5u=;yظ} Vb;}" @D%\.fI"0i56tt򰚄:~Hs|T㍒~wjy%R+ iɥzd$Y̮g fVҘ 'UUjH,ǝq%?Zڗu&u}X&ZhCA+tV1iP9m<]rt.[ݛ9^VsCR=BgC: ɷV~['^=z,rG=jiTj{S{r&޺t|9!9Io 'ȿ۾Bd}#$7W$̏Q5 x#JosDfw[ W4j5t-M>¿ E/<@'Lw P3Z$923=Pru&Sk~$M kM`3R˼ĿIK2_VJ-ɿEh+dԌTwIQa#waxl|!XsI((GNlO}戳CrlNTVʒ0Wb{g#o\zcOfuEzW^?]{68^%glh|X.B2iK1QWG5MGRŦc~+%YE*G8ʍ??1B m]&Gtϭ `6 0hvz3ȜCݶOCGs>2胎6ml-ƙ$ ,70}HOQI$qp{4ڭ-%H_bD}x3V=H:6Zχ$'CMߟs#09w ښA<QС4}a hp.ppyY?90>o 9#z[MKx GGsե6 q0y z[ dQJ 4H.BD(ZHB!Alq [$pXV(VZzGBjK%'BP*m=!đtLZ*}-΍5aGe-n^ $ d3CCd0U Q򍜈<"`&ˑea*0pRx5VnZbަ!By^FqIL8ZUj@5YQeMoڠrH{:unsx9tw OHSJza-|:= -Is:yNu&S瞈r ?nzF탪Azs[dLThWfs&ᠺ Jd@`Wru]gC4'*Jor_N)Hj`~-n^ßݴ#>d .z*H(p0ѿ{6yBbOx;r+kF*+)ܳP>Д +< +1!I/ӧLESr :w'Ne?ZĿL?ͺz+YF^u 9R@{4 m 24@Ȱ\k_X5QW0: ,) ŠiYl`cy!Csz QIZts7\Pe?M }d2cF6jISʑbY;LY`beQIirij>NЃX`-|f:gs?RlC48c$(̕>E XXfThjUVz Ä끈7_E3ca{62tJ.,a暺/-*{5eWlJsWs3躢΍Ʊ4]bj\<~ɯ©9j6|*j0FBċV8l^x}uFɜN4:E80e9Cb+[ǙXT*[Pfۻ(Qܧ&;alâ˘_ c>(cpH,`_\<ׇ> B LRE\ ~1~1UŠP=]`uX]oXL+*)Gpϟ  sWyG濙?O~k-}4Ӣ-h0 %5-" ?ŤX LkQsGŕRrCa׃13~3b_@URTʚwZu^쥠]pHA`! Нv;#ؐCKAk1ʯA'8UnF* ϛ=GD1*@7Z ɖ~gVɲ Ն'yϤM͋pR|5}M>p)~7-="J'\Ukp{9A;D< r?H_-ϼBN7x^ox061<^ ?tUJ`|hSIpg#HٚIμVuLYRL5߼Ap52An]/XV;~+㧠gsɜC/ƻ~rnf@D䛧h> LVk i>ⵚV+giO6Gu"M."8&08zGdDRz+>n ~/I6kj fS))r*H+ů 3ˁ㚆/sO3~a51t&Y1 A5`|l'We7M3*PZJp9҃ u^A##ȫͦGkj@'܉(~ }$DC>km{~L\XPY\܈MP*jIIz$peUbk=b iW&s\x&\_{sƋbo)Q^r+Gs;"ʌg b|r{q>'F{Ȉ4PG e+jBgyr @Ns-$NM6fƲ}A~eGq+$eZU ՂV'LtPpz]Fߋ eRԣ{{k7}3݀ G(w}}4WIP*5]*я{ s s41zAbU-ã,z(d0rYj eP.8N}+&<==a?up-49^I(jԈ xϰLc V(YŵyAhhqNFٿUG K -$P) WAhxa{I62$KO}y9rF8q~_8UwA{Dڝg(E ^-_Ը]@MC~:I˖Թh~hc4.[-j2i&A)p]2|̮WVsAцۧ0BF@ɁwsѼй_>w)#r޹lK^+Γ!G7y!BVç='uxq)qm2XG42zqasif@ t[kN,SVXKR! }&>CmP6hNن{+^+[Ě_6oB?JΎx0(G@R`OH[%#ZyKtZ;-38Ǟw}dh !腘:Ua2"(BR.IHOUxjt(x6;Fٿ~i X x4~K0wFGgqkV3a~:)}A/m9˙~DҴ(o l"tSkԛC25G#jGYk.NEl=O[?qu#1ðaTwd* e~=m2첰tC$<1OтL)dJH$F=)!*ښI$"8J542 eI? Md4㓘PV Pɂ#'59ݻ<]ҹsyx2iI(5~y*AB|$Hy0Jw鳁VKu^c'`|xR=Na0OO3)WY^=tӨjVtwfu@:'NxwĎ#^@(NVp2k=x'[_Y.t0o9]#ޣd=tWcL 塺1%zv`5g3@ \:`Q S[ıp7߆؉ ?O.yr osל8Jnф99V9ʳ0q!~<,?93ݴqn4kҼ?1L۠_ |1$?[0;#|&~>xFM{@uS意g 9rEۨ+=lKpڗ{vO n4]9ngUsb{I2$BUUk ۻʾ\EVeΜtٓ^t*<>rgx7Yu (f,yi96>gnR3-|4GPc{~}q.e~W(TR/fO$J骇9]MT--^\RK>]+U뀞< h`#Ba"fFs8EE[o\g=zn1DŽ??C4ȥN4?tFor:? G Ofx՛3\6@$Tx\[w5&P)<A~F<v4);7y:z}hn;d⫆ܖ~@F' zYXW+2/[QVD3>>d纋^7 ӗ'\fQ[{iYxwSfeh' 1@s΢~cWp,q(LAɛFn׊c G{ W B6G܂cוUdB1Y8npGa,O)ZYLzt(P6pРkNxl09_B󳠫렳,)4Ϝ{,& M\`[*n2g38c:&ZP(#x;أwoZLs}V&aA@A7Z wqRJX,,lGɒ+voWHܰJCym"[8So@jA-iϒ&iMj4*ϔ&"!Yʤ'SN&T RF,3 69lw|g-@z0nQ/@yמĉ I29ЊMVJLVgY񄗣hYPl~D ~(#]+2Y~ 4HoGP7OJ\K$\R@TtyXf#TLj,U !嬟&I{0v,sBm [TP/,iR/I+Ǘx:<-u8#Ā!#K:L8P E4%l,z"|@ӲV{<4A/wG#1*Q |I (ش٤ܲ.CvGJZA]K~hb6@xRG4h-L>"ooOUv"Zؖ Eʉ)ZZ|K \$lҹ>) ^> Zr7jV)T1uZ"H4 6KWA/7ǽ;jʶZ|.9 8CEy%] 3SDwbTdIyE8̟_ {B6N!ܥ&sJ:qfV_H]jFJ{^xԗaE3I2ނX̠.JTPzPY?HUٳ'̣x[ $X~.RoJ`-KEI84ꖔ0eEA<. $ci'ٔOt1^>  (eQ7%%^zAE]yˆ/锎ąٔߋ#^k~-lp ,Z VdyFgZ9lIӦԛYh2irіt_ЅH-|I-ry 6 βS~ۘ "=r }.x{:O%a>Ǖ= Жx³SSzK]:<e)53h~LodO2]^IIͽ=ڶ/hG `|F0w-c l C(OW=~]&Uֿe#{tѥLioJY0VC|_~?$-gZc ~2oH@85kQ/NID(&wmƊ8c[YƳ@◷IV , %%]݃^:#z@]Msg|O/Ym/<=qQ}u\`H2&cӲ뿓$ySlz`'8^4bd=-D?\<=G&!Z61^U=6RQ^ũ߳yxH](Z@L7e ~Z+ RA`cs|d:Okbdc;XicakS;Xif+yBE ~K-y-JYթH -ݾ]嫏<5CϤcf 7pKm'$:s'6x7m#x;4lSKaZ$~TRU1s_"̶1jB ?GZA)r P׃ь\\#UMhբ f9ږLVej*9f0'"ڟI\G:g0RI+ۺg=Õ_hL֠K&tlkaZ<<~Q,턂R!Fғߊl|~Al9sXx[Mw5=0^(]LGjbyüe ^Rc$W mM{6aiљH Wkn3R)59?S\mD 9vsȑۋuNhO0VpͬG[RJYIva~Xev7)h@t[M[0~(Bsn`߷b~m9\G6يbrMu,?`(;/R-'|͌V:mǦAOcLN(<Ā&$ Ĉ[ bU&wܠ~z*ڟO5ҽ' )jUeQb+;Z75 o9U@8AnKiw _|L'`߄w>FS.Mo Arj$p ?l@`m¼ϴ@BSx}ޏðo\Ixc#k3`z rF@Yj$G P56WĄ:iYf\oz~}C@g 嵉Dp@ MꪂOJ 2,=VR<>ۣA~guEr H@+^@03:%_Ч6#+f%<`brڽ&Mrznާu^yO_a[+N|Sw/'ݫ/u粟khbv>L5m+Lide(AN/r=\H^Eƒ<^;OKvYGcqq |?߀)Qe;̋ Q~s4015cl۽֖SـVőt,5]r2;Znzfh9j0zQc Ó!ba>oIk&5+<r<(3_3ʯz}IgwQ__'P~s ?/?gVieC:CL2^Qʿ/?A5.21 { E~.`Ƞ ϋ Dg(Q~gd_@EF9e^\f%eu݌wAt3OK7C\}\e5u``k}'O?g>g3sn&&~oon2/$)CAy3ϚWpzz;"9(/R*zUKӌgȳ+F7^˰sk3ce_/ˀ/qsum%R+ ]Q%>=Mk[I2}ח c|U(X2M*!#(^>&c˼$=)>w槤Ixո]@&JRW[O'ikr(s<2g!gs=U3-Du"\5̽p'eybAV̤-c@#]~̬(WGUtsn y%>| SG0]=Mԝ\ڎvڝGf{ueePcvdmoCdy^$ٟRqFPg^u= :!Y>YCPW,MdB'pZ`(fZ gKqbB]SKto3 >}58]WnƜ8& >$usC\ԴZjRsG?'׈d6#8 "2fDdU*[ZX,.g /(@#غM{%}Ciy=q̐ga1VJ!'\Bx[Q]We",d aQKp^'WvŐ@0~Y8P*`!K؞:F^͇$r^gLߟcZ納c 6&Klɜ]k'bC']\L͡3O,O~f+g 7.@c d߻C!NMx u0t Lwz\n2&3!Mť{:/Tx| "e*%궍{} Q0Yq˭d<@T6?rށwr$}[H-6zwn#KFU:x/ C4t'S!_n \#X?ap[b2 BL/u xƍQg%EM̸ _b O!"q0q?I*_yl xdDأO$ѓ] `8O 0,L6 qS),#!1苄IM&Z{JF!-\r|;6MeW'yD k!vRA#>;ul>;+kDҫ. E7^'(z ̸>tɣR8K)#qkGSXnDZxY{6DOj fiyU (pd+v1/E帘cw[/I)H0\dz\g;n6{tϘJm{X|@ăx!$[0W?} [l=7m%@A tXl3%^z'Io=G}k_VeńK!F>HYUҎ_[;@B#$Cb9G8]! ""_Sani.y>ಁe":} S sgTt|!,ڍNM[ U|ٱsh0Ŭ‘Ѷz SO~n^(Co\k<>cipΧ^pgUvy*s*>`H6A1^<;z>ׁKu_!HnOvGD '>6'كl4p}́ XsCQ%7` ={[=HHJ B Oɮx*hl'`wDl .3*/YF hWa!*e76K((Xp^GAtm;>;Ar,#;Ѝ5O|3'5cgb@xVOm{~kC'> ;ثu 2^9FBLj3mf^^kti( aaXf cJ\g'ۂ~Ӎ+2S<"Y4/'L_ xje .^3 {e75wHR#z.i|ԃ!gn耵]݄6:L]Ll&j1Bi>c1bfrW`2M]s]x O!(f"!V0rlǝl| n!%#^&Ůvbecc*